diff options
| author | Özgür Kesim <oec@codeblau.de> | 2024-11-12 22:36:12 +0100 |
|---|---|---|
| committer | Özgür Kesim <oec@codeblau.de> | 2024-11-12 22:36:12 +0100 |
| commit | f5516b13fa50db2fc510584337d0641af8d21b23 (patch) | |
| tree | 1eb52b7362dec64eb81768b1695c3ad76e798e2c /nizk/stage1.go | |
| parent | e9e0b4f5551c8bcdfc83e7fb617e8919b3696c82 (diff) | |
BROKEN refactor: rewrote stage2; notice bug in definition and handling of Y
Diffstat (limited to 'nizk/stage1.go')
| -rw-r--r-- | nizk/stage1.go | 41 |
1 files changed, 19 insertions, 22 deletions
diff --git a/nizk/stage1.go b/nizk/stage1.go index 228970b..21d63c6 100644 --- a/nizk/stage1.go +++ b/nizk/stage1.go @@ -4,7 +4,6 @@ import . "kesim.org/seal/common" type Stage struct { x *Scalar - y *Scalar r *Scalar com *StageCommitment @@ -32,44 +31,42 @@ type Stage1Proof struct { Rho [2][2]*Scalar } -func (b *Bit) stage(x, y, r *Scalar) *Stage { +func (b *Bit) stage(x, r *Scalar) *Stage { + b.Commit() // ensure non-null values for A, B, C return &Stage{ - x: x, - y: y, - r: r, - + x: x, + r: r, bit: b, } } -func (b *Bit) CommitStage1() (c *Stage, s *StageCommitment, p *Stage1Proof) { - var x [3]*Scalar - for i := range x { - x[i] = Curve.RandomScalar() - } - return b.CommitStage1FromScalars(x[0], x[1], x[2]) +func (b *Bit) CommitStage1(Xs ...*Point) (c *Stage, s *StageCommitment, p *Stage1Proof) { + x := Curve.RandomScalar() + r := Curve.RandomScalar() + return b.CommitStage1FromScalars(x, r, Xs...) } -func (b *Bit) CommitStage1FromScalars(x, y, r *Scalar) (s *Stage, c *StageCommitment, p *Stage1Proof) { - s = b.stage(x, y, r) - return s, s.commit1(), s.proof1() +func (b *Bit) CommitStage1FromScalars(x, r *Scalar, Xs ...*Point) (s *Stage, c *StageCommitment, p *Stage1Proof) { + s = b.stage(x, r) + return s, s.commit(false, Xs...), s.proof1() } -func (s *Stage) commit1() *StageCommitment { +func (s *Stage) commit(lost bool, Xs ...*Point) *StageCommitment { if s.com != nil { return s.com } - var Z *Point - if s.bit.IsSet() { + var Y, Z *Point + Y = G // TODO! BUG! THIS HAS TO BE Pj<i(X_j)/Pj>i(X_j) + if !lost && s.bit.IsSet() { Z = G.Exp(s.x.Mul(s.r)) } else { - Z = G.Exp(s.x.Mul(s.y)) + Z = Y.Exp(s.x) } s.com = &StageCommitment{ Z: Z, X: G.Exp(s.x), - Y: G.Exp(s.y), + Y: Y, R: G.Exp(s.r), } return s.com @@ -81,8 +78,8 @@ func (s *Stage) proof1() *Stage1Proof { for _, s := range []**Scalar{&r1, &r2, &ρ1, &ρ2, &ω} { *s = Curve.RandomScalar() } - c := s.commit1() - bc, _ := s.bit.Commit() + c := s.commit(false) + bc := s.bit.com if s.bit.IsSet() { ε[0][0] = G.Exp(r1).Mul(c.X.Exp(ω)) |